[Raw Msg Headers][Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: getzenv() to use (unix) environment ZCONFIG

On Thu, 2002-07-11 at 18:16, Matti Aarnio wrote:

> > Do you already have a global flag saying "suid program, stay alert"?
> > Or is it OK to just check "if (getuid() != geteuid()) { be extra
> > causios; }" in the text?  What exactly check sould be performed?
> > Is simple "if (access(file,W_OK) == 0) { complain loudly and abort; }"
> > sufficient?
>   In this regard I would be extremely paranoid, alike:
>     if (getuid() != geteuid()) {
>                      " SUID-SOMETHING MODE!\n");
>       abort();
>     }

Look at my checks; and and if you don't feel confident you might replace
them with abort() :-)

[yes, I realized that at least W_OK check is insufficient: the attacker
may chmod his own file u-w and the check will succeed but the file is
still under the attacker's control.]

> > right, and anotehr thing, is it necessary to have redundant definition
> > of getzenv() in both libc.h and mail.h?
>    include/mail.h.in  you mean ?
>    I think the  include/libc.h  should be sufficient.
>    Remove the definition from  mail.h(.in), and then do:
> 	make clean; make
>    That will be most educative.

Looks OK (but I could have missed some compile warnings).

>    Recall also what I told you about  MAILSHARE  z-environment, and its
>    uses.  All MTA instances might share the MAILSHARE, but should not
>    share MAILVAR.  (e.g.  MAILSHARE/router.cf  isn't very good thing..)

I'll have different MAILSHARE to have different scheduler.conf and
smtpserver.conf (at least).

Maybe I'll also implement another feature: BINDADDRESS zenv variable
that would affect both smtpserver and smtp transport if no explicit
PARAM/command line option is specified...  Then there will be no need in
separate smtpserver.conf and scheduler.conf!


To unsubscribe from this list: send the line "unsubscribe zmailer" in
the body of a message to majordomo@nic.funet.fi